UBUNTU-CVE-2024-47211

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-47211

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-47211.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-47211

Related

CVE-2024-47211

Published

2024-10-04T18:15:00Z

Modified

2025-01-13T10:26:19Z

Summary

[none]

Details

In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw format for streaming.

References

Affected packages

Ubuntu:Pro:16.04:LTS / ironic

Package

Name: ironic
Purl: pkg:deb/ubuntu/ironic@1:5.1.2-0ubuntu1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:4.*

1:4.2.0-0ubuntu1

1:4.3.0-0ubuntu1

1:5.*

1:5.1.0-0ubuntu1

1:5.1.2-0ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / ironic

Package

Name: ironic
Purl: pkg:deb/ubuntu/ironic@1:10.1.1-0ubuntu2?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:9.*

1:9.1.0-0ubuntu2

1:9.2.0-0ubuntu1

1:10.*

1:10.0.0-0ubuntu1

1:10.1.0-0ubuntu1

1:10.1.1-0ubuntu1

1:10.1.1-0ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / ironic

Package

Name: ironic
Purl: pkg:deb/ubuntu/ironic@1:15.0.0-0ubuntu0.20.04.1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:13.*

1:13.0.1-0ubuntu1

1:14.*

1:14.0.0~b1~git2019121713.76597ca93-0ubuntu1

1:14.0.0~b1~git2019121713.76597ca93-0ubuntu2

1:14.0.0-0ubuntu1

1:14.0.1~git2020032415.de2d907fc-0ubuntu1

1:14.0.1~git2020041013.af9e6ba90-0ubuntu2

1:15.*

1:15.0.0-0ubuntu0.20.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / ironic

Package

Name: ironic
Purl: pkg:deb/ubuntu/ironic@1:20.1.0-0ubuntu1.2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:18.*

1:18.2.0-0ubuntu1

1:18.2.0+git2021120910.cdc3b9538-0ubuntu1

1:19.*

1:19.0.0+git2022011216.7beadee46-0ubuntu1

1:20.*

1:20.0.0+git2022030313.4e6a3d52e-0ubuntu1

1:20.1.0-0ubuntu1

1:20.1.0-0ubuntu1.1

1:20.1.0-0ubuntu1.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / ironic

Package

Name: ironic
Purl: pkg:deb/ubuntu/ironic@1:26.1.0-0ubuntu1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:24.*

1:24.1.1-0ubuntu1

1:24.1.1-0ubuntu2

1:26.*

1:26.0.0+git2024080716.701ad07b-0ubuntu1

1:26.0.0+git2024080716.701ad07b-0ubuntu2

1:26.1.0-0ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / ironic

Package

Name: ironic
Purl: pkg:deb/ubuntu/ironic@1:24.1.1-0ubuntu1.2?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:23.*

1:23.0.0-0ubuntu3

1:23.1.0+git2024011916.a374a0c1-0ubuntu1

1:24.*

1:24.1.0-0ubuntu1

1:24.1.1-0ubuntu1

1:24.1.1-0ubuntu1.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}